So I have file.txt.ncTo decrypt it you have to enter a passphrase which is then compared to an SHA1 hash. Cracking an SHA1 should be no problem, but I have no clue how the hash is stored or how to get to it. Anyone have any ideas about how one could find the hash?

Hmm, maybe you might want to look at the way the blowfish encryption algorithm works. I'm guessing that the decryption works by a process of blowfish-decrypt(SHA1(%YOUR_PASS_HERE%), %THE_FILE%) . The SHA1 hash isn't stored anywhere, it isn't being compared anywhere, it is being used directly in decryption process regardless of whether it is right or wrong. If you hash the wrong password, it will simply decrypt it wrong and you will simply get a garbage file. Try some file encryption cracker which breaks the blowfish algorithm.